doulong2782 2014-07-19 17:20
Views: 130

Setting an Active Directory password via PHP and LDAPS

Okay I am stumped.

I am trying to write some PHP code to create a user in active directory with a password.

The PHP will run on an Ubuntu server, if it makes any difference, talking to a Server 2008 R2 Windows Domain Controller.

I can create the user with no problems using PHP, but I cannot set the password. I have tried what feels like every possible piece of code on the internet, but it just will not work.

I believe that I have to create the user and then modify the password after. As a result I have the following code.

    $domadlogin = 'domainadminusername';
    $domadpw = 'a2b3c4d5e';
    $domctrl = 'ldaps://DCIPADDRESS';

    $ldapServer = $domctrl;
    $ldapBase = 'OU=Users,DC=example,DC=co,DC=uk';
    $ds = ldap_connect($ldapServer);
    if (!$ds) {die('Cannot Connect to LDAP server');}
    $ldapBind = ldap_bind($ds,$domadlogin,$domadpw);
    if (!$ldapBind) {die('Cannot Bind to LDAP server');}
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    $dn_user='CN=Test User,OU=New Users,OU=Users,DC=example,DC=co,DC=uk';

    $newPassword = "1.Password!";
    $newPassword = "\"" . $newPassword . "\"";
    $len = strlen($newPassword);
    for ($i = 0; $i < $len; $i++)
    {
        $newPassw .= "{$newPassword{$i}}\000";
    }
    $newPassword = base64_encode($newPassw);
    $userdata['unicodePwd'] = $newPassword;
    $result = ldap_modify($ds, $dn_user, $userdata);
    if ($result) echo "User modified!" ;
    else echo "There was a problem!";

    ldap_unbind($ds);

I know that LDAPS is working, as this works:

    ldapsearch -x -d 2 -LLL -H ldaps://DCIPADDRESS -b 'OU=Users,DC=example,DC=co,DC=uk' -D 'domainadminusername' -W '(sAMAccountName=username)'

Can anyone tell me what I am doing wrong?

Thanks


1 answer

  • doutuan9357 2014-07-20 17:03

    I'm not a PHP writer; here are some guidelines from a closed question I answered:

    Using PHP, you can change an AD user's password, or create a user with the right password, using LDAP with a simple bind over an SSL connection.

    For this you need to install a certificate on your AD server. The simple way (not the most attractive) is to install Microsoft Certificate Server on your domain (Enterprise installation, see Configuring Microsoft Active Directory for SSL Access) and then to reboot your domain controller. You can also generate a certificate with OpenSSL and install it on the computer (see How to enable LDAP over SSL with a third-party certification authority).

    Here is a sample LDIF file that creates a user with his password over an SSL connection; in it you will find the way I generate the base64 string for the password:

    # Imported with :
    # ldifde -i -t 636 -f .\Annuaire3.ldf
    # Password generated by ("" must be encoded inside):
    # stringconverter.exe \"test.2011\" /unicode /encode
    # Connection then tested with:
    # runas /user:jdupont cmd.exe (password is test.2011)
    
    dn: cn=Jean Dupont,OU=MonOU,DC=societe0,DC=fr
    changetype: add
    objectClass: user
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    cn: Jean Dupont
    givenName: Jean
    sn: Dupont
    mail: jean.Dupont@societe.fr
    telephoneNumber: 9999
    userAccountControl: 544
    sAMaccountName: jdupont
    userPrincipalName: jdupont@societe.fr
    unicodePwd:: IgB0AGUAcwB0AC4AMgAwADEAMQAiAA==
    
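The password encoding and modify call discussed in this thread, as an added PHP example (not code from the question or the answer): it sends `unicodePwd` as raw UTF-16LE bytes rather than base64, and checks the encoder against the base64 value in the answer's LDIF file. The function names, the `AD_*` environment variables and the CA file path are assumptions; the `ldap` and `mbstring` extensions are required.

```php
<?php
// Added example, not code from the question or the answer.

// AD expects unicodePwd as the quoted password in UTF-16LE. The bytes are sent
// raw; base64 is only how an LDIF file writes them (the "::" notation).
function encodeUnicodePwd(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

// Open a certificate-verified LDAPS session. $caFile (assumed) is the CA
// certificate that issued the domain controller's certificate.
function connectLdaps(string $uri, string $bindDn, string $bindPw, string $caFile)
{
    // TLS options are process-wide and must be set before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    // Set protocol version 3 before binding.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!@ldap_bind($ds, $bindDn, $bindPw)) {
        throw new RuntimeException('Bind failed: ' . ldap_error($ds));
    }
    return $ds;
}

// Administrative reset: one replace of unicodePwd carrying the raw bytes.
function setAdPassword($ds, string $userDn, string $plain): void
{
    $entry = ['unicodePwd' => encodeUnicodePwd($plain)];
    if (!@ldap_mod_replace($ds, $userDn, $entry)) {
        throw new RuntimeException('Password change failed: ' . ldap_error($ds));
    }
}

// Offline check: base64 of the raw value reproduces the answer's LDIF line.
$raw = encodeUnicodePwd('test.2011');
var_dump(base64_encode($raw) === 'IgB0AGUAcwB0AC4AMgAwADEAMQAiAA==');

// Live use only when the hypothetical AD_* environment variables are set.
if (getenv('AD_URI') !== false) {
    $ds = connectLdaps(getenv('AD_URI'), getenv('AD_BIND_DN'),
                       getenv('AD_BIND_PW'), getenv('AD_CA_FILE'));
    setAdPassword($ds, getenv('AD_USER_DN'), getenv('AD_NEW_PW'));
    ldap_unbind($ds);
}
```

With certificate verification enabled, the host in the `ldaps://` URI has to match a name in the domain controller's certificate.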
